Evernote for Mac developers fix security hole

Evernote's privacy policy allows its employees to read your notes

The Evernote for Mac application could have been attacked remotely with malicious code. The news comes from TechCrunch, which explains how security researcher Dhiraj Mishra detected the security problem in the green elephant's note app on March 17.

The attack is explained by Dhiraj Mishra himself on his blog. The user only has to click a link disguised as a web address, which instead opens an application or certain files stored locally, without macOS or Evernote putting many obstacles in the attacker's way.

Apparently the attacker could in turn remotely access a Mac that has Evernote installed. Dhiraj Mishra has posted a video on his blog demonstrating how it works. Suspiciously, when the user clicks on the masked link, the macOS Calculator opens. This behavior should put us on alert and, if we are in time, prompt us to activate some security measure, such as applications that detect malware on our Mac. That is why we do not recommend visiting pages of suspicious origin, and even less opening files whose origin we do not know.

Mishra notified Evernote of the discovery and waited for the fix before revealing the error, so as not to cause panic or harm an application, when this attack could have targeted another application or service. Shelby Busen, an Evernote spokesperson, said that Evernote has fixed the problem and appreciates the contribution of security researchers. As a preventive measure, after correcting the bug Evernote now alerts users when they click a link that opens a file.
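The masked link and the warning described above can be illustrated with a small check. This is an added example, not Evernote's code or the researcher's: it assumes note content is available as HTML-like markup with `<a href>` elements, and the function names and sample note are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

WEB_SCHEMES = {"http", "https"}


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in note markup."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def audit_links(markup):
    """Return links a client should warn about before opening them."""
    collector = LinkCollector()
    collector.feed(markup)
    collector.close()
    findings = []
    for href, text in collector.links:
        scheme = urlsplit(href.strip()).scheme.lower()
        if scheme in WEB_SCHEMES:
            continue  # ordinary web link, nothing to flag
        # "masked": the label reads like a web address but the target is not one
        masked = text.lower().startswith(("http://", "https://", "www."))
        findings.append({"href": href, "scheme": scheme, "text": text, "masked": masked})
    return findings


# Constructed sample note; the file: targets are placeholders, not real paths.
SAMPLE_NOTE = (
    '<p><a href="https://example.com/docs">https://example.com/docs</a></p>'
    '<p><a href="file:///PLACEHOLDER/local-item">https://example.com/report</a></p>'
    '<p><a href="FILE:///PLACEHOLDER/attachment.pdf">Attached PDF</a></p>'
)

if __name__ == "__main__":
    for finding in audit_links(SAMPLE_NOTE):
        print(finding)
```

Both `file:` links are reported, but only the one labelled with a web address is marked as masked, which is the case where the visible text gives the user no hint that a local file will open.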

It is Evernote's second security bug. The first occurred in 2016: four images and attachments could be seen, which led customers who questioned the company's security measures to leave for other services.

